WeChat and Data Regulation Laws in China

Contact Us

Contact Us

[contact-form-7 404 "Not Found"]

Cybersecurity law of China

China’s regulations on data flow are strict and according to China’s Cybersecurity Law, all personal information and other key data gathered and produced by network operators are required to be stored on servers located within mainland China. They are also required to maintain related logs for not fewer than 6 months.

For the gathering and use of personal data, the consent of the individual is required. At the same time, consent is not required if the personal information collected is anonymized and cannot be restored to its original state.

If any company wants to transfer data outside of the country, then they must receive government permission to do so and must undergo a security review. The law is not only applicable to companies working within China but is applicable to any company that conducts business in China or provides products or services to China.

WeChat privacy control updates

In its service agreement, WeChat says that it has the right to decide how long it can store individual user data on a case-by-case basis. It also says that WeChat is required by law to retain, preserve or disclose your personal information for a longer period of time.

WeChat has also restricted the right to collect sensitive personal information restricted to a smaller group of third-party developers. Now, these developers have to explain what personal information they are collecting and how they are collecting and using it.

Earlier Tencent Holdings, who are the owners of WeChat, had made it clear that it is not storing any user’s chat history and it is stored only on the user’s phone, computer or any other terminal devices. In a post, WeChat also mentioned that it is not using user content for big data analysis either. WeChat monitoring messages were thus categorically denied by the company.

Impact on US and EU companies

It is very important for foreign firms to comply with Chinese laws strictly as infringing the law could get you fined, detained, or even imprisoned. China’s Cybersecurity laws require companies that do business with Chinese entities to store data on local servers. So, the companies must either invest in new data centers in China or hire a local service provider.

WeChat compliance rules in the US and EU require a company to do WeChat archiving and WeChat monitoring. Therefore, while you are doing business in China you must make sure that you inform customers about the purpose, manner and scope for the collection and use of personal information. Companies must also get due consent from individual users on such collection and use of personal information.

It is also the responsibility of the companies to warn users against breaking the law and restrict the publication of posts or suspend or close down accounts that violate the law. At the same time, companies must also preserve related records for authorities.

Comparisons with GDPR

Right to be forgotten and deleted – In GDPR, data subjects have the right to obtain the erasure of personal information from the controller in several circumstances including where (1) the personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed; or (2) the data subject withdraws consent and there is no other ground for the processing.

In Chinese rules, the data subjects have the right to get from the controller the erasure of personal information where (1) controllers violate provisions of the laws and regulations in collecting or using personal information; or (2) controllers violate agreements with the data subject in collecting or using personal information.

Right to data portability: According to GDPR law, the subject has the right to obtain the personal data that he or she has provided the controller in a structured manner, and to transmit it to or have it transmitted to another controller.

In Chinese rules, the controller shall provide the data subject the personal information copies or transmit the copies to a third party on the premise of technical feasibility.

Right to withdraw consent – As per GDPR law, the data subject shall have the right to withdraw the consent at any time. It shall be easy to withdraw consent as to give it.

On the subject of withdrawal of consent, Chinese rules state that the controller should provide the method of withdrawing consent and once the consent is withdrawn, personal information of the person must not be processed.

Rules on data breaches – According to GDPR, once the controller becomes aware of the data breach, he or she must provide notification to the supervisory authority without undue delay and where possible, must do it within 72 hours.

Chinese laws stipulate to report particularly significant cases to the emergency office immediately. Entities must notify the data subjects by email, letter, push notification or other means. If individual notification is not feasible, the entity must issue public warnings.

Cross-border data transfer – In GDPR law, cross-border transfer of data may take place only to an adequate jurisdiction or the data exporter has implemented a lawful data transfer mechanism with necessary approvals and controls.

In Chinese law, there are restrictions for Critical Information Infrastructure Operators and they are required to keep personal information and important data within mainland China and if they have to go for cross-border data transfer, they have to undergo a security assessment.

With our multiple archiving methods, you can find the right tools for your needs.

About TeleMessage

TeleMessage captures and retains mobile content, including mobile SMS messages, voice calls, and WeChat conversations from corporate or BYOD mobile phones to ensure compliance with various data protection regulations. The messages are securely and reliably retained within TeleMessage servers or forwarded to your choice archiving data storage vendor.

Our mobile archiving products securely record content from mobile carriers and mobile devices for various ownership models (BYOD, CYOD, and employer-issued). With our multiple archiving solutions, you can always find the right tools or blend for your requirements:

TeleMessage offers cross-carrier and international mobile text & calls archiving for corporate and BYOD phones. Visit our website at www.telemessage.com to learn more about our mobile archiving products.

WeChat archiving

Skip to content